Blue Team – Disconnected Assets precluding leaving IR mode

Question

Why can’t I deactivate Incident Response (IR) mode?

Versions:

  • All Versions

Answer

The most common reason a user cannot deactivate IR mode is that one or more assets are still disconnected from the network. This is not a bug!

Incident Response mode resembles the real-life situation in which the CISO is temporarily privileged to suspend operation of certain assets or parts of the network in order to protect them from an ongoing attack. Once incident response is no longer in effect, the network needs to be returned to normal operation, so every disconnected asset must be reconnected before IR mode can be deactivated.

If you are unsure about the connection state of certain assets, just make sure the “Reconnect to Network” action is unavailable. Logically, if all the assets are reconnected, that action should not be available, and you should be able to deactivate IR mode.


Copyright © 2025 by Derezzed Inc. D/B/A ThreatGEN. All rights reserved.
